Radsoft

Raider

Raider is an object library analysis tool, useful when you need to find unexported hooks in your dependency DLLs. Either give it the path to a library file on the command line, use the open dialog once the program is up and running, or just drop a library file on it and Raider will show you what's officially exported and available and what someone has done quite a lot of work to keep hidden.

Raider lists the hints and hint types, the actual module name, and the import name of every object it finds in the library. This data can be easily exported to a formatted text file by clicking Dump on the toolbar or choosing the same from the menu. Raider will automatically exchange the extension for 'txt' and prompt you to save.

But the fun doesn't stop there. Raider is equipped with our keyword online help system - find a dossier on the Win32 SDK and just double click on any entry in the listview to see if the function is official or not and if so what it does and how it does it. Again, Raider does a lot of cute parsing to get to the essence of the matter, doing away with import prefixes and such, so you can get right to the keyword in question.

You'll generally find two types of interesting data when you begin spelunking with Raider: functions exported by ordinal and functions exported by name. Functions exported by ordinal will need a proper 'typedef'd' function pointer in your code; functions exported by name will not. Functions exported by ordinal cannot be linked to directly at build time, but functions exported by name, whether they are listed in the accompanying header files (if any) or not, can - all you need to do is declare a 'prototype' for them. The tricky part, of course, is to figure out what arguments of what type the functions take. Here again Raider can be of some assistance. The '@' sign normally found after the function name precedes the number of bytes the function expects to have pushed on its stack, written in text form. '@28' means seven DWORD parameters, and so forth. A final consideration is whether you want to base 'release' software on 'hooks' such as these. That is your prerogative entirely. But if you decide to do so, Raider can be your first step in realizing your goal.
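The listing described above (hint, import type, name type, module name, import name, plus the DWORD count read from the '@' suffix) can be reproduced with a short parser. This is an added example, not Radsoft's code or Raider's implementation; it assumes the archive and short import member layout documented in Microsoft's PE/COFF specification, and `sample.dll` and both symbols are constructed.

```python
import struct

IMPORT_TYPES = {0: "code", 1: "data", 2: "const"}
NAME_TYPES = {0: "ordinal", 1: "name", 2: "name-noprefix", 3: "name-undecorate"}

def stdcall_dwords(symbol):
    """DWORD slots encoded by a trailing '@N' (N = stack bytes), else None."""
    base, sep, tail = symbol.rpartition("@")
    return int(tail) // 4 if sep and base and tail.isdigit() else None

def parse_import_lib(blob):
    """Return one record per short-import member of a COFF archive."""
    if blob[:8] != b"!<arch>\n":
        raise ValueError("not a COFF archive")
    pos, found = 8, []
    while pos + 60 <= len(blob):
        header = blob[pos:pos + 60]
        if header[58:60] != b"`\n":
            raise ValueError("corrupt member header at offset %d" % pos)
        size = int(header[48:58].decode("ascii").strip())
        body = blob[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)   # members start on even offsets
        if len(body) < 20 or body[:4] != b"\x00\x00\xff\xff":
            continue                    # linker member or full COFF object
        dlen, hint, flags = struct.unpack_from("<12xIHH", body)  # skip sigs, version, machine, stamp
        names = body[20:20 + dlen].split(b"\0")
        if len(names) < 2:
            continue                    # truncated name strings
        symbol = names[0].decode("ascii", "replace")
        found.append({"symbol": symbol, "dll": names[1].decode("ascii", "replace"),
                      "hint": hint, "type": IMPORT_TYPES.get(flags & 3, "?"),
                      "name_type": NAME_TYPES.get((flags >> 2) & 7, "?"),
                      "dwords": stdcall_dwords(symbol)})
    return found

# Constructed sample archive: sample.dll and both symbols are made up.
def make_member(name, body):
    head = b"%-16s%-12s%-6s%-6s%-8s%-10d`\n" % (name, b"0", b"", b"", b"0", len(body))
    return head + body + (b"\n" if len(body) & 1 else b"")
def make_short_import(symbol, dll, hint, imp_type, name_type):
    data = symbol + b"\0" + dll + b"\0"
    return struct.pack("<HHHHIIHH", 0, 0xFFFF, 0, 0x14C, 0, len(data), hint, imp_type | name_type << 2) + data

SAMPLE_LIB = (b"!<arch>\n" + make_member(b"/", b"\0" * 4)
              + make_member(b"sample.dll/", make_short_import(b"_SampleCall@28", b"sample.dll", 3, 0, 3))
              + make_member(b"sample.dll/", make_short_import(b"_Hidden@8", b"sample.dll", 17, 0, 0)))

if __name__ == "__main__":
    print(*parse_import_lib(SAMPLE_LIB), sep="\n")
```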

The latest version of the COFF library files from Microsoft (are they still really COFF at this point?) has a number of screwy, misleading settings. What the purpose of this cloak-and-dagger business is only Redmond could know, but Raider sees fit to navigate these booby traps as well.

File size: 8KB.

Copyright © Radsoft. All rights reserved.